Web Application Attacks and Defences

Nigel Chapman and Jenny Chapman

Published by MacAvon Media, 150 pages.

ISBN13: 978-0956737-06-9, ISBN10: 0-956737-06-4

A short book in the Web Security Topics series for Web developers. Provides a clear guide to injection attacks and cross-site scripting attacks, describing different kinds of attack, and explaining how to ensure that malicious data submitted to a Web application is either rejected or rendered harmless. Includes examples in JavaScript/Node.js, key points at the end of every section and a full glossary.

Recommended list prices: £7.99 (GBP), $11.49 (USD), €8.99 (EU) – actual prices at booksellers may vary.

First published 2012-12-31

This book will be available in December 2012. The number of pages is approximate pending publication.

Written for professional and student Web developers, this little book provides a clear guide to different kinds of malicious attack on Web applications, and the ways in which the developer can defend their application against these attacks.

Web applications may use secure communication and implement a secure authentication scheme, but still be vulnerable to attacks by way of specially crafted data that may be sent by malefactors. This book explains how requests which may seem legitimate can be used as a vehicle for injection attacks which access private files, execute commands on the server, generate bulk email, and execute database queries. It also describes those attacks, usually called cross-site scripting attacks, which rely on deceiving the Web application into executing JavaScript which can obtain data or cookies from visitors to the site.

The defence against such attacks is to ensure that malicious data submitted to the Web application is either rejected or rendered harmless. This guide describes how this can be achieved.

Short working programs written in JavaScript/Node.js are provided throughout the book and via the companion site websecuritytopics.info.